Effective Date: May 8, 2025  |  Last Updated: May 8, 2025  |  Scope: chinesepurifier.com and all sub-pages

This Privacy Policy is established in accordance with the General Data Protection Regulation (GDPR), China’s Personal Information Protection Law (PIPL), and other applicable privacy regulations. It applies to business representatives, procurement professionals, and commercial contacts who interact with our website in the course of B2B trade activities. This website is operated exclusively as a business-to-business (B2B) platform and does not target individual consumers.

1. Data Controller Information

The following entity acts as the Data Controller for personal data processed through this website:

  • Company Name: Chinese Purifier (Water Purifier B2B Export & Procurement Platform)
  • Website: https://chinesepurifier.com
  • Business & Data Protection Contact: business@chinesepurifier.com
  • Platform Infrastructure: WordPress 6.9, GeneratePress Child Theme, LiteSpeed-powered cloud hosting

If you are located in the European Union or European Economic Area and have questions regarding your data rights, you may contact us at the email above. We are committed to responding to all data-related inquiries within the timeframes prescribed by applicable law.

2. Types of Data We Process

We adhere strictly to the principle of data minimization — collecting only what is necessary for legitimate B2B operational purposes. We do not process consumer data and do not engage in direct-to-consumer sales or marketing.

2.1 Data Actively Provided by Business Contacts

  • Inquiry & Partnership Requests: Full name, job title, company name, country of registration, business email address, telephone number, product or procurement requirements
  • Sample or Quotation Requests: Company mailing address, delivery details, product specifications, target order quantities
  • Commercial Correspondence: Email thread content and attachments exchanged during the course of business negotiation or order follow-up
  • Trade Documentation: Where applicable, business license numbers, tax registration details, or importer/exporter registration information required for customs or compliance purposes

2.2 Automatically Collected Technical Data

  • Server Access Logs: IP address, HTTP request method, timestamp, HTTP status code, accessed page URL, referring URL (Referrer)
  • Device & Browser Fingerprint: Browser type and version, operating system, screen resolution, language settings — collected via User-Agent string for compatibility and security purposes
  • Behavioral Analytics: Page view sequences, product page dwell time, inquiry form interaction patterns — collected by Google Analytics 4 in anonymized form to optimize product presentation and inquiry conversion
  • Cookie Data: See Section 4 for full details

2.3 Data Received from Third-Party Trade Platforms

  • When business contacts reach us via third-party B2B directories or trade platforms, we may receive basic business profile information (company name, contact name, inquiry content) as transmitted by those platforms. Such platforms operate under their own privacy policies.

3. Legal Basis for Processing (GDPR Article 6)

Every data processing activity carried out by this website has a clearly identified legal basis under applicable law:

  • Pre-contractual Measures & Contract Performance (Art. 6(1)(b)): Processing inquiries, issuing quotations, negotiating terms, executing procurement contracts, and managing order fulfillment and after-sale communication
  • Legitimate Business Interests (Art. 6(1)(f)): Maintaining client relationship records, conducting anonymized market behavior analysis to improve our B2B service offering, ensuring website security and fraud prevention. A Legitimate Interests Assessment (LIA) has been conducted confirming that these interests do not override the data subjects’ rights and freedoms.
  • Legal Obligation (Art. 6(1)(c)): Retaining transaction, export documentation, and financial records as required by Chinese export trade regulations, customs law, and applicable tax legislation
  • Consent (Art. 6(1)(a)): Sending commercial newsletters, product updates, or trade fair announcements to business contacts who have explicitly subscribed. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

4. Cookie Policy

Cookies are small text files stored on your device. We use cookies solely for operational, performance, and analytics purposes relevant to our B2B platform.

4.1 Strictly Necessary Cookies (No Consent Required)

  • wordpress_*, wp-settings-*: WordPress session management; applies only to logged-in administrators and editors — not to regular website visitors
  • litespeed_vary: LiteSpeed Cache differentiation token; enables server-side caching to improve page load performance for global visitors
  • PHPSESSID: Server session identifier to maintain stateful form submissions across page requests

4.2 Performance & Analytics Cookies (Consent Required)

  • _ga, _ga_* (Google Analytics 4): Anonymized visitor and session analytics used to identify high-interest product categories and optimize inquiry funnel performance; data retention set to 13 months in GA4 admin; full IP addresses are anonymized client-side before transmission to Google servers
  • _gid: Session-level user differentiation; expires after 24 hours

You may manage your cookie preferences via your browser settings or opt out of Google Analytics data collection at: tools.google.com/dlpage/gaoptout. Disabling analytics cookies will not affect your ability to browse product information or submit business inquiries.

5. Data Sharing & Disclosure

We do not sell, rent, or commercially share business contact data under any circumstances. Data is shared only with the following parties on a need-to-know basis:

5.1 Data Processors (Bound by Data Processing Agreements)

  • Google LLC (Google Analytics 4): Anonymized website analytics; data transferred to the United States under the EU-US Data Privacy Framework; Google Privacy Policy: policies.google.com/privacy
  • Cloud Hosting Provider: Provides server infrastructure for website operation; bound by contractual data confidentiality obligations and information security standards
  • Akismet / Automattic Inc. (if enabled): Comment spam filtering; processes only comment content and submitter IP address

5.2 Trade & Logistics Partners (Independent Data Controllers)

  • Freight Forwarders & Customs Brokers: Where physical sample shipments or commercial goods are dispatched, consignee name, delivery address, and contact information are shared with our designated logistics and customs clearance partners solely for shipment processing and regulatory compliance
  • Third-Party B2B Trade Platforms: Where business is originated from or conducted through third-party platforms, the relevant platform may independently process shared contact data in accordance with its own privacy policy

5.3 Legal Disclosure

  • We may disclose personal data when required to do so by law, court order, or regulatory authority. We will notify affected parties in advance to the extent permitted by law, and will disclose only the minimum information necessary to satisfy the legal requirement.

6. International Data Transfers

As an export-oriented B2B platform, our operations inherently involve cross-border data flows. We ensure all international transfers are conducted with appropriate safeguards:

  • For EU/EEA Business Contacts: Data transfers to countries outside the EEA are conducted under Standard Contractual Clauses (SCCs) as adopted by the European Commission, or via the EU-US Data Privacy Framework where applicable
  • For Contacts Subject to Chinese PIPL: Cross-border transfers are conducted in accordance with Article 38 of the Personal Information Protection Law, including execution of standard contracts prescribed by the Cyberspace Administration of China (CAC) where required
  • Google Analytics Data: IP anonymization is enforced at the browser level prior to any data leaving China, ensuring no full IP addresses are transmitted internationally

7. Data Retention Schedule

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by law:

  • Inquiry & Quotation Records: Retained for 5 years from the date of last commercial interaction, in compliance with Chinese export trade compliance requirements
  • Executed Contract & Transaction Data: Retained for 10 years as required by applicable commercial and tax legislation
  • Non-Converted Inquiries: Retained for 2 years from date of submission, then permanently deleted
  • Trade Documentation (customs, shipping records): Retained for the period mandated by Chinese customs law and applicable import regulations of the destination country
  • Commercial Email Subscription Lists: Retained until unsubscription, plus a 30-day grace period, then permanently purged
  • Website Server Access Logs: Raw logs retained for 90 days; anonymized aggregated statistics retained indefinitely for trend analysis
  • Google Analytics Event Data: Retained for 13 months as configured in GA4 admin settings

8. Rights of Business Contacts

Although our platform is B2B-oriented, individual persons — such as procurement managers, sales representatives, and technical contacts — who interact with us retain full data subject rights. We are committed to honoring these rights without delay or discrimination.

8.1 Rights Under GDPR (EU/EEA Contacts)

  • Right of Access (Art. 15): Request a copy of all personal data we hold about you, provided free of charge and fulfilled within 30 calendar days
  • Right to Rectification (Art. 16): Request correction of inaccurate or outdated information — particularly important when job titles, company affiliations, or contact details change
  • Right to Erasure / Right to be Forgotten (Art. 17): Request deletion of your personal data where it is no longer necessary for the purpose collected, or where consent has been withdrawn — subject to legal retention obligations
  • Right to Restriction of Processing (Art. 18): Request suspension of active data processing during a dispute or verification period
  • Right to Data Portability (Art. 20): Receive your submitted data in a structured, machine-readable format (CSV or JSON) upon request
  • Right to Object (Art. 21): Object to processing based on legitimate interests, including receipt of commercial communications
  • Right Not to Be Subject to Automated Decision-Making: We do not engage in automated profiling or algorithmic decision-making that produces legal or similarly significant effects on individuals
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the data protection supervisory authority in your EU member state

8.2 Rights Under PIPL (Contacts Subject to Chinese Law)

  • Rights to know, decide, access, correct, delete, and transfer personal information as provided under Articles 44–47 of China’s Personal Information Protection Law
  • Right to withdraw consent for non-essential data processing at any time
  • Right to lodge complaints with the Cyberspace Administration of China (CAC) or other competent authorities

To exercise any of the above rights, please submit a written request to business@chinesepurifier.com with the subject line “Data Subject Rights Request.” We will acknowledge receipt within 5 business days and fulfill the request within 30 calendar days (extendable by an additional 30 days for complex requests, with prior notification).

9. Data Security Measures

We implement layered technical and organizational security measures proportionate to the nature of the data we process:

  • Encryption in Transit: Full-site HTTPS enforcement (TLS 1.2 minimum); all HTTP requests are permanently redirected to HTTPS via HSTS headers
  • Access Control: WordPress admin panel protected by strong password policy and two-factor authentication (2FA); role-based access control with principle of least privilege applied to all internal users
  • Software Security: WordPress core, GeneratePress theme, and all plugins maintained at latest stable releases; security audit conducted prior to any plugin installation
  • Server-Level Protection: LiteSpeed Web Application Firewall (WAF), DDoS mitigation, and brute-force login protection active at infrastructure level
  • Data Backup: Automated daily encrypted backups with off-site redundant storage; recovery procedures tested periodically
  • Vendor Security: All third-party processors are contractually required to maintain information security standards consistent with or exceeding our own
  • Data Breach Response: In the event of a personal data breach likely to result in risk to individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware, and will communicate directly with affected data subjects without undue delay

10. Third-Party Links

This website may contain links to supplier websites, certification body portals, industry associations, trade media, and logistics partner pages. We exercise no control over the data practices of these third parties and are not responsible for their privacy policies or content. We recommend reviewing the privacy policy of any third-party site before submitting personal or business information. This Privacy Policy applies solely to chinesepurifier.com.

11. Changes to This Policy

We reserve the right to update this Privacy Policy as our business operations evolve, as technology changes, or as required by new legal obligations. The “Last Updated” date at the top of this page reflects the most recent revision.

  • Material Changes: For significant changes affecting data subject rights or data processing purposes, we will notify existing business contacts via email at least 30 days before the changes take effect and, where required by law, seek renewed consent
  • Minor Updates: Corrections, clarifications, or administrative updates will be reflected by the updated date only; continued use of the website constitutes acceptance

12. Contact & Complaints

For all privacy-related inquiries, data subject rights requests, or concerns about our data handling practices, please contact us using the details below:

Data Controller: Chinese Purifier
Data Protection & Business Contact: business@chinesepurifier.com
Website: https://chinesepurifier.com
Response Commitment: General inquiries within 3 business days; formal data rights requests within 30 calendar days

If you are unsatisfied with our response, you have the right to escalate your complaint to the relevant data protection authority, including: the supervisory authority of your EU member state, the UK Information Commissioner’s Office (ICO), or the Cyberspace Administration of China (CAC) at www.12377.cn.